“You might want to stay off the internet for a while”

Mmmmmmmm.

That doesn’t sound good.  Especially since its from a credible source whose enterprise is entirely concerned with privacy and anonymity on the internet.  From the Tor website:

OpenSSL bug CVE-2014-0160  Posted April 7th, 2014

A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server.

If you’re using an older OpenSSL version, you’re safe.

Read on…

 The BBC put out the word:

A bug in software used by millions of web servers could have exposed anyone visiting sites they hosted to spying and eavesdropping, say researchers.

The bug is in a software library used in servers, operating systems and email and instant messaging systems.

Called OpenSSL the software is supposed to protect sensitive data as it travels back and forth.

It is not clear how widespread exploitation of the bug has been because attacks leave no trace.

Read more …

Because we’ve an addict in the house (he keeps it under control), I happened to notice the report that Minecraft went offline while servers were patched.

Update; BBC: Heartbleed Bug: Tech firms urge password reset

BloombergBusinessWeek: Why Heartbleed, the Latest Cybersecurity Scare, Matters

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.